[Samba] Can't access remote workstations without MASQUERADE

Rodrigo Gruppelli grupis at doctornet.com.br
Thu Feb 13 20:37:24 GMT 2003


Hi everyone! I have a little problem here.
First let me explain my network topology.

I have a 192.168.0.0/24 network, with win98 workstations, an NT
serving the domain and another NT as a WINS server.

192.168.0.3 - NT / WINS
192.168.0.6 - NT / DOMAIN
192.168.0.1 - Internet gateway
192.168.0.2 - Wireless AP 200 that connects to a linux gw

 ==--==-=-=-==-=   AIR :) -- --- == --==--=-- =-=-

192.168.0.4 - IP of the wireless iface of a linux gw on the remote side
192.168.1.1 - IP of the ethernet interface of the linux gw (this samba is
acting as a local master browser for the 192.168.1.0/24 network and is
serving some files)
192.168.1.0/24 - remote side network.


All of these machines are configured to use WINS at 192.168.0.3: all NT
servers, the samba server, and the win98 machines, on both sides.

I have already set up all the routing stuff. I can ping
any machine FROM any machine of both sides. I can browse the network
neighborhood, all machines appear on it.

The gateway of all 192.168.0.0/24 machines is 192.168.0.1
The gateway of all 192.168.1.0/24 machines is 192.168.1.1

On 192.168.0.1 I set up a route telling it that the 192.168.1.0/24 network is
reachable via 192.168.0.2 (AP 200). The AP 200 then bridges the traffic
to the other side's 192.168.0.4 pcmcia wireless interface, and then it enters
the 192.168.1.0/24 network.

The problem is that, from a 192.168.1.0/24 win98 machine, I can browse the
network neighborhood, I can see all machines of 192.168.0.0/24 side, but
when I try to access a machine, it says that the machine isn't accessible.


If I insert a rule on linux gw 192.168.1.1 telling it to masquerade all
192.168.1.0/24 traffic (iptables -t nat -A POSTROUTING -s 192.168.1.0/24
-j MASQUERADE), then everything works normally.


But WHY this masquerade? I don't want to use masquerade. I mean, the
cleaner my network topology is, the better it will be. Why can't
it work with just trivial routing? Does anyone know?

As I said, without masquerade, I can do everything. Ping, resolve netbios
names, browse on the network neighborhood. Everything but access the
shares. With masquerade, I access the share.



Thanks in advance
Rodrigo


